[wp-hackers] Form injection and gzipping

Andy Skelton skeltoac at gmail.com
Fri Feb 24 13:00:45 GMT 2006


On 2/22/06, Eric A. Meyer <eric at meyerweb.com> wrote:
>     So back in November, Jeremy Dunck finally tracked down[1] the
> cause of the last major bug in WP-Gatekeeper[2], where it wouldn't
> auto-add itself to comment forms on many people's sites.  The
> problem, it seems, is that the attempt to auto-add the challenge
> happens after the page is gzipped when that option is turned on, so
> the regexps fail.  (Obviously!)  So if gzipping is enabled, as it is
> for most people, the auto-injection won't work.  Manual injection,

To fix this, you have to understand that output buffers are FILO,
meaning that if you start your buffer first, it will be the last one
to be processed. Your buffer is started in the plugin. Examine
wp-blog-header.php and you'll see that gzip_compression()'s buffer is
started after all of wp-config has run--long after your plugin has
started its buffer.

There's only one hook after gzip_compression, and it's template_redirect.
Try this:

add_action('template_redirect', 'ob_start', 'gatekeeper_comment_form_filter');

Andy


More information about the wp-hackers mailing list